############################################################################# ###### ###### This script will search windows online updates and download/install ###### all available updates and email results to specified address ###### ############################################################################# $UserNameStr = gc env:username $SmtpServer = '' $ComputerNameStr = gc env:computername $Temp = gc env:temp if ( $args[0]+'' -ne '' ) { $To = $args[0] } elseif ($UserNameStr.Substring($UserNameStr.Length-1,1) -eq '$') { $To = '' } else { $To = $UserNameStr+'@xyz.com' } $now=Get-Date -format "yyyy/MM/dd HH:mm:ss" Write-Output "$now Starting Script on $ComputerNameStr by $UserNameStr, will send email to $To" | Out-File "$temp\Updates.log" Write-Output "$now Starting..." ### Figure out if WSUS is used and if so, temporarily disable, and store to turn back on later $UseWUServer = (Get-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU UseWUServer -WarningAction SilentlyContinue ).UseWUServer If ( $UseWUServer -eq 1 ) { Set-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU UseWUServer 0 Restart-Service wuauserv } ### Setup Com Object $Session = New-Object -ComObject "Microsoft.Update.Session" $UpdatesToDownload = New-Object -ComObject "Microsoft.Update.UpdateColl" ### Create sub-Objects $Searcher = $Session.CreateUpdateSearcher() $Searcher.Online = 'TRUE' $Downloader = $Session.CreateUpdateDownloader() $Installer = $Session.CreateUpdateInstaller() ### Check for updates $now=Get-Date -format "yyyy/MM/dd HH:mm:ss" Write-Output "$now Searching for updates..." | Out-File "$temp\Updates.log" -Append Write-Output "$now Searching for updates..." $NeedUpdates = $Searcher.Search("IsInstalled=0") ### Continue only if updates were found if (($NeedUpdates.Updates.Count -gt 0 ) -and -not ($NeedUpdates.Updates.Count -eq 1 -and $NeedUpdates.Updates.Item(0).Title.Substring(0,39) -eq 'Windows Malicious Software Removal Tool')) { ### Create download list $now=Get-Date -format "yyyy/MM/dd HH:mm:ss" Write-Output "$now Found updates:" | Out-File "$temp\Updates.log" -Append for ( $i=0; $i -le ($NeedUpdates.Updates.Count - 1); $i++ ) { $Update = $NeedUpdates.Updates.Item($i) $rc = $UpdatesToDownload.Add($Update) Write-Output $Update.Title | Out-File "$temp\Updates.log" -Append } ### Download updates $now=Get-Date -format "yyyy/MM/dd HH:mm:ss" Write-Output "$now Downloading Updates..." | Out-File "$temp\Updates.log" -Append Write-Output "$now Downloading Updates..." $Downloader.Updates = $UpdatesToDownload $rc = $Downloader.Download() ### Install Updates $now=Get-Date -format "yyyy/MM/dd HH:mm:ss" Write-Output "$now Installing Updates..." | Out-File "$temp\Updates.log" -Append Write-Output "$now Installing Updates..." $Installer.Updates = $UpdatesToDownload $rc = $Installer.Install() $now=Get-Date -format "yyyy/MM/dd HH:mm:ss" Write-Output "$now Install Complete" | Out-File "$temp\Updates.log" -Append $rc | Out-File "$temp\Updates.log" -Append ### Turn WSUS back on If ( $UseWUServer -eq 1 ) { Set-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU UseWUServer 1 } If ($SmtpServer -ne '') { ### Send email about the updates $From = "$ComputerNameStr@xzy.com" $s = New-Object System.Security.SecureString $creds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "NT AUTHORITY\ANONYMOUS LOGON", $S Send-MailMessage -Attachments "$temp\Updates.log" -To $To -Subject 'Windows Update install Results' -Body "Attached is the log from the update installation" -From $From -SmtpServer $SmtpServer -Credential $creds } ### Reboot if required if ($rc.RebootRequired -eq $true -and -not $UserNameStr.EndsWith('$')) { Restart-Computer -Force } else { Restart-Service wuauserv } } else { ### No updates, turn WSUS back on and exit $now=Get-Date -format "yyyy/MM/dd HH:mm:ss" Write-Output "$now No updates found" | Out-File "$temp\Updates.log" -Append Write-Output "$now No updates found" If ( $UseWUServer -eq 1 ) { Set-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU UseWUServer 1 Restart-Service wuauserv } }